Opportunities and efficiencies arising from enterprise risk management (ERM) are widely recognised and advocated. Why, then, are some organisations not yet fully embracing the process? Why do strategies for embedding risk management sometimes come off the rails?
The key to anticipating such matters is understanding the different perspectives which exist on risk management. While high-level overviews are important in devising appropriate implementation strategies, management viewpoints also need to be taken into account.
Adequate consideration given to the perspectives of senior management teams will maximise the chances of successfully embedding an effective system. Human as well as organisational issues must be addressed. Failure to identify material issues and to address them satisfactorily at the outset invariably results in unnecessary hurdles to implementation.
Identifying the hurdles
Many best practices for risk management and internal control systems are detailed in corporate governance codes, risk standards and guidance notes. These overlie complex regulatory and contractual compliance obligations. Even independent assurance and inspection processes are highly structured. All this detail is not a natural starting point for convincing busy management teams that ERM is a straight-forward, value-adding business process. So what is to be done?
Most businesses generally embrace risk management willingly, once they are clear as to the benefits, cut through the jargon and understand what is required of them. Process-based businesses have particularly valuable internal disciplines upon which ERM can easily be grounded. However, there will inevitably be some functional or business areas which will shy away from active involvement in change. For the risk management practitioner, evidence of silo management signals that without positive intervention or ongoing care, an ERM roll-out may stall.
Sponsorship from the senior executive team is a well-known prerequisite to effective ERM. Yet, even achieving this process-critical milestone depends upon first identifying those issues which will convince the entire team to approve the roll-out and actively support it.
Winning over a key senior individual will get ERM off the mark in an organisation. However, if peer-to-peer adoption and, thus, an enthusiastic cascade of the process do not follow, the effectiveness of the process a year or so later is under threat. This is the very time when benefits are likely to start to flow.
Would a CFO logically respond to promoting and operating the ERM process within the finance team in the same way that a business development director might do within the creative, sales and marketing teams? What about the CEO's attitude? Each individual will have different perspectives and objectives for integration with their own processes. The business' ERM strategy must recognise this to an appropriate degree in order to improve its prospects for success.
ERM project roll-out must ensure that the day-to-day responsibilities continue to be addressed. Resourcing the project adequately is thus a challenge in itself. Natural allies for risk managers seeking to promote ERM include planning, insurance, compliance and assurance functions. Understanding their perspectives on ERM is important to ensure the best use of resources and the optimisation of the respective systems.
But will wider management respond? Are they encouraged to think outside the box or merely to operate within the confines of their responsibilities? Will the business be ready to capitalise upon the enthusiasm and momentum created by ERM? Viewing threats and opportunities from colleagues' perspective demonstrably improves organisation-wide understanding.
Rising to the challenge
To embed an ERM process effectively, it must be designed to take account of the business needs and perspectives of individuals. Management tools and training can be structured to deliver the technical solutions.
With clear process objectives and fine-tuning of the roll-out, ERM can be successfully embedded. Its immediate and ongoing benefits will then be significantly enhanced.
Peter Atkin is managing director of CYCLICK Risk Management Solutions, www.cyclick.co.uk , Tel: 01403 750057, e-mail: email@example.com
Aspects to consider when forming an ERM strategy